William Gibson is not just a great storyteller, he is also a prophet. Not in the religious sense, but rather in the sense that he wrote stories (in the 1980s) about malicious software (malware) built by (or for) a national military or government for the sole purpose of attacking and destroying enemy assets. Gibson wrote these stories in a near-future world where governments routinely augment their conventional war-fighting operations with dedicated software.
That future has arrived. For those of you who don’t follow information technology news, allow me to introduce you to Stuxnet.
Information warfare experts around the world have been working on reverse-engineering this malware since it first came to their attention in June. Unlike most such programs, this worm requires no input or actions from a user. It is specifically designed to infiltrate industrial control systems, such as power plants or manufacturing centers. It is also a precision bit of weaponized software- there is apparently only one set of machines on the planet which will activate the worm’s destructive programming, and then only if certain applications are in use. Once activated, Stuxnet will apparently take control of the target system and cause it to operate outside parameters- effectively damaging or destroying that equipment. They think. It could just infiltrate the system and shut it down, whereupon the author(s) can contact the target’s owners and demand a ransom for returning control. Given the complexity and precision of the programming, this is considered unlikely.
Despite what you’ve seen in movies or TV shows, most hackers are not that skillful. Most are merely using bits and pieces of software created by others to launch their attacks. The super-nerd with a shit-hot computer system and a superfast internet connection doesn’t really exist outside of Hollyweird. As a result, most information warfare attacks you hear or read about are fairly crude (relatively speaking). These attacks succeed largely because most computer users are unbelievably stupid. There are dozens of companies who make a living keeping up to date on the current state of the art and providing protection against the various iterations of worms, viruses, and similar malware. Many of them wrote some of the original software which script kiddies are still using today.
Computer security experts are amazed and scared shitless by the staggering mount of programming built into Stuxnet. Amazed by the exquisite care with which the worm seeks a very precise target, and scared because this is the first documented case of such weaponized software. Stuxnet is the result of a single person of surpassing aptitude on a long series of good days or the end product of an industrialized, Manhattan Project-type directed effort by a large number of very skilled programmers working together. Outside of Hollyweird, that sort of effort is thought to be possible only for governments or very large corporations (or both).
Gibson coined the term ICE for his stories. ICE is an acronym for Intrusion Countermeasures Electronics. Most ICE was used to prevent unauthorized access, and operated mainly by disconnecting the unauthorized user from the targeted system or network. The cyber-bravos in Gibson’s tales were also familiar with something called Black ICE. This sort of program would kill or incapacitate unauthorized users. Stuxnet is similar in that it causes damage outside of computer networks. Stuxnet is a purpose-built weapon.
Welcome to the future. Mind that first step …
Suggested reading: Neuromancer, Count Zero, Mona Lisa Overdrive, Burning Chrome– all by William Gibson
Current status: Intrigued
Current music: I Want You To by Weezer